A rapid spread of global infections has prompted security experts to raise their risk assessment of the recently discovered W32/Bagle.b@MM, also known as Bagle.b, to medium.
The virus contains a remote access Trojan component that allows hackers to take control of compromised computers.
Antivirus firm McAfee's Avert team has reported seeing more than 100 samples of the infection from customers around the world, while MessageLabs claims to have captured 1,339 incidents of the worm.
Like its predecessor, the Bagle.b worm is an internet mass mailer which harvests addresses from local .wab, .txt, .htm and .html files.
The worm uses the harvested addresses in both the 'From' and 'To' fields and sends itself using its own SMTP engine.
The remote access component of the virus listens on TCP port 8866 for remote connections. It tries to notify the virus author of its readiness to accept commands.
But the worm ceases to propagate from computers with a system date of 25 February 2004 or later.
Users are advised to delete any email containing the following:
From: [spoofed address]
Subject: ID [random string] ... thanks
Body: Yours ID [random string] -- Thank
Further details on the worm and instructions for its removal are available from Avert here.